{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0553", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2024-01-15T04:35:34.146Z", "datePublished": "2024-01-16T11:40:50.677Z", "dateUpdated": "2024-11-23T00:10:16.608Z"}, "containers": {"cna": {"title": "Gnutls: incomplete fix for cve-2023-5981", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."}], "affected": [{"versions": [{"status": "affected", "version": "3.8.0", "lessThan": "3.8.3", "versionType": "semver"}], "packageName": "gnutls", "collectionURL": "https://gnutls.org/download.html", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "affected", "versions": [{"version": "0:3.6.16-8.el8_9.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "affected", "versions": [{"version": "0:3.6.16-8.el8_9.1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "affected", "versions": [{"version": "0:3.6.16-5.el8_6.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream", "cpe:/o:redhat:rhel_eus:8.6::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "affected", "versions": [{"version": "0:3.6.16-7.el8_8.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:8.8::baseos", "cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "affected", "versions": [{"version": "0:3.7.6-23.el9_3.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "affected", "versions": [{"version": "0:3.7.6-23.el9_3.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "affected", "versions": [{"version": "0:3.7.6-21.el9_2.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:rhel_eus:9.2::baseos", "cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/cephcsi-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-37", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/mcg-core-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-68", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/mcg-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/mcg-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-39", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-client-console-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-58", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-client-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-client-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-13", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-metrics-exporter-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-81", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/ocs-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-79", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-cli-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-22", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-console-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-57", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-cosi-sidecar-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-csi-addons-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-csi-addons-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-15", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-csi-addons-sidecar-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-15", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-multicluster-console-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-54", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-multicluster-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-multicluster-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-must-gather-rhel9", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-26", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odf-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odr-cluster-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odr-hub-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-158", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/odr-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-21", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHODF-4.15-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "odf4/rook-ceph-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v4.15.0-103", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:openshift_data_foundation:4.15::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-22", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/cluster-logging-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-11", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch6-rhel9", "defaultStatus": "affected", "versions": [{"version": "v6.8.1-407", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-proxy-rhel9", "defaultStatus": "affected", "versions": [{"version": "v1.0.0-479", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/elasticsearch-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/eventrouter-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.4.0-247", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/fluentd-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/log-file-metric-exporter-rhel9", "defaultStatus": "affected", "versions": [{"version": "v1.1.0-227", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-curator5-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.8.1-470", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-loki-rhel9", "defaultStatus": "affected", "versions": [{"version": "v2.9.6-14", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/logging-view-plugin-rhel9", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-24", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/loki-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "v5.8.6-10", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/lokistack-gateway-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-525", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/opa-openshift-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.1.0-224", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "RHOL-5.8-RHEL-9", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "openshift-logging/vector-rhel9", "defaultStatus": "affected", "versions": [{"version": "v0.28.1-56", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:logging:5.8::el9"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "gnutls", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:0533", "name": "RHSA-2024:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0627", "name": "RHSA-2024:0627", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0796", "name": "RHSA-2024:0796", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1082", "name": "RHSA-2024:1082", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1108", "name": "RHSA-2024:1108", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1383", "name": "RHSA-2024:1383", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2094", "name": "RHSA-2024:2094", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0553", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", "name": "RHBZ#2258412", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"}, {"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"}], "datePublic": "2024-01-16T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "description": "Observable Discrepancy", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1300->CWE-203: Improper Protection of Physical Side Channels leads to Observable Discrepancy", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2024-01-15T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-01-16T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-23T00:10:16.608Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:11:35.649Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/01/19/3", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0533", "name": "RHSA-2024:0533", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0627", "name": "RHSA-2024:0627", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0796", "name": "RHSA-2024:0796", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1082", "name": "RHSA-2024:1082", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1108", "name": "RHSA-2024:1108", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1383", "name": "RHSA-2024:1383", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:2094", "name": "RHSA-2024:2094", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2024-0553", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", "name": "RHBZ#2258412", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://gitlab.com/gnutls/gnutls/-/issues/1522", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "tags": ["x_transferred"]}, {"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240202-0011/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4950F54-4C00-423E-9483-239B4B907912", "versionEndExcluding": "3.8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en GnuTLS. Los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto. Este problema puede permitir que un atacante remoto realice un ataque de canal lateral de sincronizaci\u00f3n en el intercambio de claves RSA-PSK, lo que podr\u00eda provocar la fuga de datos confidenciales. CVE-2024-0553 est\u00e1 designado como una resoluci\u00f3n incompleta para CVE-2023-5981."}], "id": "CVE-2024-0553", "lastModified": "2024-11-21T08:46:51.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-16T12:15:45.557", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0533"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0627"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0796"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1082"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1108"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1383"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2094"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-0553"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0533"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0627"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1082"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2094"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2024-0553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240202-0011/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:0627", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "gnutls-0:3.6.16-8.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:0627", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "gnutls-0:3.6.16-8.el8_9.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-01-31T00:00:00Z"}, {"advisory": "RHSA-2024:1108", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "gnutls-0:3.6.16-5.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2024:0796", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "gnutls-0:3.6.16-7.el8_8.2", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-02-13T00:00:00Z"}, {"advisory": "RHSA-2024:0533", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "gnutls-0:3.7.6-23.el9_3.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-29T00:00:00Z"}, {"advisory": "RHSA-2024:0533", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "gnutls-0:3.7.6-23.el9_3.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-01-29T00:00:00Z"}, {"advisory": "RHSA-2024:1082", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "gnutls-0:3.7.6-21.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/cephcsi-rhel9:v4.15.0-37", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-core-rhel9:v4.15.0-68", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/mcg-rhel9-operator:v4.15.0-39", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-console-rhel9:v4.15.0-58", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-rhel9-operator:v4.15.0-13", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-metrics-exporter-rhel9:v4.15.0-81", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-rhel9-operator:v4.15.0-79", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-cli-rhel9:v4.15.0-22", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-console-rhel9:v4.15.0-57", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-cosi-sidecar-rhel9:v4.15.0-6", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-csi-addons-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-csi-addons-rhel9-operator:v4.15.0-15", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.15.0-54", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-rhel9-operator:v4.15.0-10", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-must-gather-rhel9:v4.15.0-26", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-rhel9-operator:v4.15.0-19", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odr-cluster-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odr-hub-operator-bundle:v4.15.0-158", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odr-rhel9-operator:v4.15.0-21", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/rook-ceph-rhel9-operator:v4.15.0-103", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.8.6-22", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.8.6-11", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch6-rhel9:v6.8.1-407", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-operator-bundle:v5.8.6-19", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-proxy-rhel9:v1.0.0-479", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/elasticsearch-rhel9-operator:v5.8.6-7", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-247", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/fluentd-rhel9:v5.8.6-5", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-227", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-curator5-rhel9:v5.8.1-470", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-loki-rhel9:v2.9.6-14", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.8.6-2", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-operator-bundle:v5.8.6-24", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/loki-rhel9-operator:v5.8.6-10", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-525", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-224", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}, {"advisory": "RHSA-2024:2094", "cpe": "cpe:/a:redhat:logging:5.8::el9", "package": "openshift-logging/vector-rhel9:v0.28.1-56", "product_name": "RHOL-5.8-RHEL-9", "release_date": "2024-05-01T00:00:00Z"}], "bugzilla": {"description": "gnutls: incomplete fix for CVE-2023-5981", "id": "2258412", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-1300->CWE-203", "details": ["A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-0553", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gnutls", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2024-01-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0553\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0553\nhttps://gitlab.com/gnutls/gnutls/-/issues/1522\nhttps://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"], "statement": "The identified vulnerability in the GnuTLS library, designated as CVE-2024-0553, presents a moderate severity concern due to its potential for facilitating timing side-channel attacks in RSA-PSK ciphersuites. While the flaw allows for the exploitation of timing differentials during the key exchange process, enabling attackers to infer sensitive data, its impact is constrained by several factors. Firstly, successful exploitation requires precise timing measurements and sophisticated analysis techniques, posing a significant barrier to entry for potential attackers. Additionally, the effectiveness of the attack is contingent on environmental factors such as network latency and system load, further limiting its practical feasibility. \nThis issue marked as an incomplete resolution for a previously identified vulnerability, CVE-2023-5981, indicating a potential persistence or recurrence of the problem.", "threat_severity": "Moderate"}